Comodo might come back from the grave

Status
Not open for further replies.
No comment re win11, but I ran cruelcomodo on win7 & on win10 for several years and always worked fine, no issues, no malware. That's experience, not a cult.

I think experience has to be informed, such that one can have many users representative of the population, and then test them against various malware. Then results can be verified and shared to the public.
 
I think experience has to be informed, such that one can have many users representative of the population, and then test them against various malware. Then results can be verified and shared to the public.
Tend to agree. I never directly tested CF by intentionally throwing known malware at it. Others have, including @cruelsister. Not sure if CF has been tested in MT Hub. I have not seen (or noticed) comodo at AV-C. I forget the name of the lab that might have tested CF.

"I call experience, experience."

-- Loki
that's what I thought... not sure how "informed" mine was... ;)
 
I will spell it out for you... Melih deliberately did not make an update to Comodo when Windows 11 was released. Melih was busy with much more important things.
Thanks for spelling out Melih's messages. A mortal like me does not have access to the inner circle of Comodo's board of directors. We are lucky to have someone like you (one of the chosen ones in direct contact with his Melihness) to explain these thoughts and considerations to us.

Oerlink said:
Comodo will make a release and then the next one will be 2 years from now. This is how Comodo has always operated. Long periods of time between updates - UNLESS - someone PROVES there is a serious security breakage in the product. Even then Comodo is slow to release an update.
Thanks for this reassuring insight.
 
Thanks for spelling out Melih's messages. A mortal like me does not have access to the inner circle of Comodo's board of directors. We are lucky to have someone like you (in direct contact with his Melihness) to explain this to us.


His Melihness words are a bit confusing. Does above also apply to the Comodo forum? As said we are lucky to have one of chosen ones as a member of this forum and explains Melih's words and thoughts to the rest of the world.
Melih explained his position on the Comodo forum. All you need to do is go to forum and read his posts.

He will tell you himself... don't like anything he makes or how he does things, you have the freedom not to use his product.

:ROFLMAO:
 
OK so you develop a bulletproof security software solution that stops 99.9% of malware and then you just let it slowly die, not fix bugs, not release updates, not improve it and not put any effort or even think about into making it into a successful subscription model, where you pay a yearly fee to use it with which you could make millions?

Doesn't make any sense. Logic does not apply! Maybe there just isn't any money in Firewalls?
 
Melih explained his position on the Comodo forum. All you need to do is go to forum and read his posts.
Do you have a link where he tells you that he is not ignoring Windows 11, just too busy with more important stuff? I can't find that on the forum.

Maybe there just isn't any money in Firewalls?
According to business reports, Comodo's turnover was 53.4 million, that is roughly 1/10th of Bitdefender's estimated turnover on that same website. Melih has received 10x this amount of money for his Comodo CA division (now Sectigo), so he has enough money and Xcitium is a healthy organization (income wise). As posted earlier, the Xcitium endpoint protection is basically CIS in CruelSister's configuration, so they use the underlying technology, but the firewall part is not the core proposition, the sandbox is what makes them stand out "default deny with default allow (sandbox) useability". Despite this advantage and relatively low price for managed EDR they are the bottom of the third-tier vendors in the < 50 million company size market (for comparison MalwareBytes and Webroot do much better).
 
This whole debacle is wrong on many levels but mainly because it revolves around a dead product. Even the name of the thread is “Comodo may come back from the grave”.

So it becomes quite evident quite quick that we are talking about a software that’s been phased out.

Is it true that defence+ brings business grade features (sandboxing is frequently reserved for enterprise products, albeit being a bit different there) to home users?
Yes, it is. And it does it for free.

Should the product really be deployed and should we all rush to download it from the website?
I don’t think so.

The product not being updated for 2 years means that it contains a collection of outdated drivers and scanning for malware, emulating (if Comodo uses emulation) as well as running malware in an outdated sandbox MAY (bear in mind I am not saying it WILL but exploring a possibility here) provide malware with more access it could normally have, simply being missed by a regular (if that’s a thing) antivirus. Once a malware is able to obtain kernel access, it could bypass a whole stack of defences.

It is wrong to assume that default-deny is the panacea that will sort all your malware problems out as there are ways to go around default-deny, as well as reputation monitoring by using signed malware.

According to a Trend Micro report which can be found below, there is a vast amount of malware being signed.

I also urge readers to have a look at this article about threats to Windows kernel:

It is also wrong to assume that default-deny is something exclusively patented by, and reserved for Comodo. There are various different implementations of default-deny, with the most notable being the App Control by Kaspersky, but products like Avast/AVG with hardened mode, Trend Micro and Norton have light implementations as well.

Antimalware products should be designed carefully, always with security and potential exploits in mind. All third-party libraries MUST be updated as soon as possible and the AV engine must be heavily contained & restricted. Automatically capturing every downloaded file with outdated engines could lead to a 0-click exploit.
Even vendors like Norton have been on the news for not updating libraries: Symantec security flaws are "as bad as they get," says researcher

And just because nobody has been interested to test Comodo properly and document any security holes, or because 2-3 people on MalwareTips “never had any issues”, doesn’t mean that the product is not plagued with security holes. Or that security holes haven’t been exploited out there. We all remember articles about AV drivers being abused.

Delicately swinging and re-shaping words around in a lawyer-like manner to support a favourite product of choice (E.g. no updates are needed cuz it’s already ahead of its time, nobody said the product is not compatible with Windows 11, there is no evidence of bugs) can’t change the FACTS.
And what are the facts?

1. This is a free product and in today’s inflation, as well as with the costs to develop, manage and distribute a product there is no way you can have a great antivirus when nobody pays for it.

2. This is now an outdated product in a world where threats evolve quickly and other vendors distribute monthly updates/fixes + up-to-the-minute threat intelligence updates.

3. Product offers below minimum support and should absolutely be avoided by novice users who may not know how to handle certain situations.

4. The product was released before Windows 11 was officially distributed by Microsoft. There is no official statement that says “Stop! Do not use on Windows 11!” but there is also no official statement “Yes! We are compatible.”

5. Bugs have been reported for ages. How many of these are true, accurate, widespread, how many can be reproduced is not that important.
Users are facing issues and there is nobody to help.

6. There is no evidence of the design being flawed, but also there is very little information that it is secure.
For example, can anyone supporting Comodo provide any light on whether the AV engine runs with a wrapper around, or whether the drivers used by ViruScope, anti-malware engine and sandboxing are protected from abuse? Comodo has no bug bounty (just saying).

I personally would not recommend, use or condone/support a product of this nature.
 
This is where the CIS bugs are reported - and NONE of them are confirmed by Comodo. C.O.M.O.D.O. RT is just a community manager\moderator who performs basic triage. They are not a part of Comodo engineering\development. He\she is a go-between for Comodo engineering with the participants on the forum.


There are 14 issues in the CIS\CF public bug tracker (there is also the internal\private Comodo bug tracker which the public does not get to see). The interaction between C.O.M.O.D.O. RT and the people on the forum is not a confirmation of anything. That person is just asking questions back-and-forth, providing steps like "uninstall\re-install" and passing information along to developers, if necessary. Nowhere do they state that anybody from Comodo engineering\development "confirms your submitted bug."

It is just amazing how people mis-state the facts.
That opens one's eyes. Is this whole 'Bug Reporting' thing on the Comodo Forum then just nothing more than a fake reporting spot which is not taken seriously by Comodo as they didn't work on / fix any of those bugs in the past two+ years?
 
That opens one's eyes. Is this whole 'Bug Reporting' thing on the Comodo Forum then just nothing more than a fake reporting spot which is not taken seriously by Comodo as they didn't work on / fix any of those bugs in the past two+ years?
Yes see answer of the chosen one
The other thing is that Melih just does not care what people think and what they post on forums. He has stated as much on his own forum and given the reasons why.
On top of that they have a slow update policy
Oerlink said:
Comodo will make a release and then the next one will be 2 years from now. This is how Comodo has always operated. Long periods of time between updates - UNLESS - someone PROVES there is a serious security breakage in the product. Even then Comodo is slow to release an update.
 
Comodo is a very old company... and Comodo never was capable to rank in first places.
This statement is partially true; Comodo not only did never rank first anywhere, but has never even participated. There are no test records that can be pulled out.

Comodo had a beef with Symantec for years, much can be found online, also here: Symantec answers Comodo | IT World Canada News

Melih demanded that both Symantec/Norton and Comodo be put side by side to see who will win.
In a forum post back then, years ago, he stated he would release a Norton vs Comodo video to see “who will protect better. $$$ Norton or the free Comodo”. In the end, he did not release anything and he did not sign up their product to any tests to prove it was better than Norton or anyone else.

The thing about Comodo’s technology is that it needs to be deployed wisely and a whitelist to be maintained at all times. Otherwise you risk causing more problems than you solve.
 
I don't recall the name of the website, but I remember their Firewall used to be number one 90% of the time on a website which compared firewalls only. I also found Comodo test on AV-Test
Test Antivirus-Programme Comodo (latest from 2019) and it also participated in the 2020 round of AV-Labs and was awarded product of the year https://avlab.pl/wp-content/uploads/2021/01/AVLab-Product-of-the-year-2020.pdf

To be fair there is only 1 critical vulnerability reported in two years (in 2022 which is still not fixed): CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privil On the other hand on Comodo's forum two rather serious Sandbox bypasses are mentioned List of current bugs - News / Announcements / Feedback - CIS , which might also indicate that Comodo is not put to test anymore (since it has not received updates for two years, there won't be a bug bounty program either).

According to these references latest Comodo version has at least three unfixed serious holes in its defense! o_O

Oh @Oerlink brother where art thou to provide us mortals the thoughts and insights of his Melihness on this matter? :)
 
I don't recall the name of the website, but I remember their Firewall used to be number one 90% of the time on a website which compared firewalls only. I also found Comodo test on AV-Test
Test Antivirus-Programme Comodo (from 2019)

To be fair there is only 1 critical vulnerability reported in two years (in 2022 which is still not fixed): CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privil
I did not recall these tests to be honest, but everyone scores high there so I am not even following them anymore.

In regards to the vulnerabilities, I am sure there are many more. The scale of deployment, a.k.a market share of the product is too low to make it an attractive “honeypot” for attackers, but there is no way for a seemingly-abandoned product to not be vulnerable. This makes things counter-productive - you are installing security but your security itself is the door to attacks.
There are more vulnerabilities and bypasses that are not discovered and as I said in a post above, there is no evidence that Comodo was ever designed in a secure way or that it is fit for the purpose.

Every antivirus relies on various frameworks, engines and third-party libraries as well. Together with Comodo vulnerabilities, all security holes in these third-party components (boost framework, 7zip/zlib, UI HTML renders and others) are also applicable.

There was an incorrect statement by @Oerlink that “AV Vendors distribute just basic bug fixes”. They distribute updated libraries and new features as well - when needed. McAfee was also recently entirely re-written from scratch:
 
Oh @Oerlink brother where art thou to provide us mortals the thoughts and insights of his Melihness on this matter? :)
LOL

01 February 2023:



 
LOL

01 February 2023:



Now that you feel stuck in a corner, unable to wiggle left and right anymore, this is your answer… LOL and a link to Melih’s professional profiles, as well as a video we’ve all seen. I expected more!
 


"I too have a 2 year old CIS on my computers and they it just works! ;)"

-- Melih

LOL



Obviously nobody here bothers to read what Melih says... lol

There is no dedicated CF\CIS developer team at Comodo. Melih has them working on other projects all the time but it seems people cannot figure this out. For the past two years Melih had his development team working on his other company projects (Melih owns multiple companies) and then the Xcitium project.

 
Just complementing:

Considering that Comodo is one of the oldest companies in the industry, and independently of having or not having official testers, Comodo for years and years has been reviewed by tons of magazines/articles. And compared to its competitors, Comodo was almost never in top rankings. Comodo is a mediocre company and quite unsuccessful.

By the way, also is good to remember that years ago Comodo Firewall allowed malware to pass (inside CCleaner) because Comodo itself released the certificate, and the malware was considered harmless (was considered not malware) by Comodo. I repeat, we are talking about a serious bug specifically on Comodo Firewall (They said The Titanic was unsinkable... yet the "ship that could never sink" sank).

I'm not trying to destroy Comodo's reputation.
I'm just making it clear that fanboys@girls are delusional.
Signed malware and even worse, supply chain attacks can evade many defences from many companies and according to Trend Micro papers, a certificate from a company of choice is on sale for 10K, whilst from Sectigo it is much cheaper. The paper is linked in my original post above.

I won’t go into details who’s more vulnerable to signed malware, but nobody is immune — Including Comodo with the magical sandbox. That’s why it’s wrong saying “it’s ahead of its time, it doesn’t need updates”.

Attackers are always very creative and there is hardly any measure that they haven’t managed to workaround.
 